With the rapid development of smart manufacturing applications, intelligence also brings some potential security risks, such as industrial automation and control equipment being threatened by malicious software such as ransomware. Therefore, the endpoint defense mechanism of the industrial control field has become an important key to ensure the reliable operation of the industrial control field. This paper will propose a malware detection mechanism for endpoint protection in the smart manufacturing field. We extract the system API call sequence of the software through the sandbox environment and find out the potential relationship before and after the sequence. Then use deep learning to build a malware detection model. This mechanism can prevent malicious programs from evading detection through variants, and effectively reduce the threat to the security of endpoint devices in the smart manufacturing field.